Cyber Risk Management Specialist

Group Specialist - Cyber Risk Management

KEY ACCOUNTABILITIES

1. Enhance cyber risk management framework and governing processes in-line with Enterprise Risk Management guidelines, international standards, frameworks and best practices.

2. Support in rolling out of global technology risk taxonomy and unified controls framework, incorporating the control self-assessment results into the risk assessment process for CHO and global data centers. 

3. Conduct periodic risk assessments for the Corporate Head Office and Group Technology to identify, assess and document cyber risks in corresponding risk registers in-line with defined policies and procedures.

4. Advise risk owners and custodians on the risk response options (mitigate, transfer, accept, avoid) and assist in defining corresponding action plans for identified risks that are above DPW risk appetite & tolerance.

5. Assist risk owners and custodians in preparing and signing risk acceptance forms, ensuring that all approved forms are retained for future reference and audit trail.

6. Ensure timely update of the risk register with all emerging risks identified from such activities as periodic risk assessments, vulnerability assessments, security advisories, internal/external audit reports, etc. 

7. Develop and implement periodic reporting mechanisms for cyber risk practices for higher management to track implementation progress and current risk posture.

8. Coordinate with and assist regional business units in conducting cyber risk assessments, developing and maintaining necessary documents.

9. Conduct periodic compliance checks at the CHO and Group Technology to provide assurance over effectiveness of key technology controls (e.g. change management and ITSM, security solutions coverage, etc.).

10. Provide support on the periodic internal and external security assessments and audit reviews conducted by regulators and auditors.

11. Act as an ambassador for DP World at all times when working; promoting and demonstrating positive behaviours in harmony with DP World’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies.

12. Perform other related duties as assigned.

     

QUALIFICATIONS, EXPERIENCE AND SKILLS

Knowledge and Experience

• Bachelor’s Degree in Computer Science or equivalent.
• Should have 8-10 years of experience in IT governance with at least 5 years’ experience in Cyber Risk Management domain.
• Experience in establishing cyber risk management processes.

• Industry recognized risk management related certifications preferred, including: CRISC, CISM, CISA and/or ISO 27001/ISO 31000.

• Working knowledge of COBIT-2019 framework, ISR, NIST Risk Management Framework, ISO 31000, ISO 27005, ISO 27001, etc.
• Good understanding in E-commerce, logistics, supply chain & port operations applications will be an added advantage.
• Experience in working with Multinational Companies (MNC) is preferable.

Soft Skills

• Excellent communication & analytical skills.
• Program and Project management skills.
• Time management skills.
• Team player and conflict management skills.
• Coaching / guiding skills.
• Ability to adapt in a complex environment, loves challenges, with the will and drive to learn new things on his/her own.
• Cultural awareness.

Technical Skills

• Technical know-how about cyber risk management, including risk assessments and response, development of risk register, reporting on risk posture, etc. 
• COBIT-2019 framework, ISR, NIST Risk Management Framework, ISO 31000, ISO 27005, ISO 27001.
• Knowledge of developing policies, procedures related to cyber risk management processes.
• Expertise in Microsoft Word, Excel & PowerPoint.

#LI-AA6